SharingSec

Recently on an independent research I've found the Goodreads API was vulnerable to a Reflected Cross-site scripting . The issue happens on their REST API on a callback function parameter. No sanitizing mechanism was found and the parameter is echoed back in the JSON payload, allowing a malicious user to potentially launch XSS attacks. I've submitted the issue to the Goodreads' security team and this was quickly fixed. Goodreads is an Amazon company with  55 millions of users. Their site is ranked 139 in the USA and 336 globally, according to Alexa . Proof Of Concept: Vulnerable API calls with XSS payload: https://www.goodreads.com/book/review_counts.json?callback=%3Chtml%3E%3Cbody%20onload=%22javascript:alert(%27XSS%27)%22%3E%3C/html%3E&isbns=0441172717 https://www.goodreads.com/book/isbn/0441172717?callback=%3Chtml%3E%3Cbody%20onload=%22javascript:alert(%27XSS%27)%22%3E%3C/html%3E&format=json Vulnerability Disclosu

Who doesn’t like chocolate? I am a big fan of a Brazilian coffee/chocolate chain called Ychocolates (fictitious name). They produce good chocolates and serve good coffee as well. Recently they introduced a simple loyalty program: you buy products there and earn points for each purchase. After certain amount of points, you can redeem them and transform them into a delicious chocolate. It sounds simple and straightforward. To participate in this program the person needs to supply their name, an CPF (Brazilian identification number) and a phone number.  Every time a person goes into one of their stores and buy something, they should supply their CPF and get the  points. Once you inform your CPF the cashier (verbally) will tell you how many points you have earned so far. If you have the minimum amount of points for a reward, you can get a chocolate. I’ve noticed cashiers always inform the accumulated points to the customer. It seems to be part of a procedure. I personally used my poi

Hi, I´ve uploaded a very simple Python script to brute force JWT Token signature  here . Enjoy it.